local http = require "resty.jxwaf.http"
local table_insert = table.insert
local table_concat = table.concat
local request = require "resty.jxwaf.request" 
local cjson = require "cjson.safe"
local _M = {}
_M.version = "jxwaf_base_v4"


local default_block_code = 403

local default_block_html = [=[<!DOCTYPE html>
<html lang="cn">

<head>
    <meta charset="utf-8">
    <title>JXWAF拦截页面</title>
    <meta name="keywords" content="JXWAF,JXWAF控制台,WAF,锦衣盾,Web应用防火墙" />
    <meta name="description" content="JXWAF，开源Web应用防火墙" />

    <meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <meta name="screen-orientation" content="portrait">
    <meta name="x5-orientation" content="portrait">
    <meta name="full-screen" content="no">
    <meta name="x5-fullscreen" content="true">
    <meta name="x5-page-mode" content="app">
    <meta name="msapplication-tap-highlight" content="no">
    <meta name="renderer" content="webkit">
    <meta name="referrer" content="always">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
    <link rel="shortcut icon" href="">
    <style>
        html {
            height: 100%;
        }

        body {
            margin: 0;
            height: 100%;
        }

        .container {
            text-align: center;
            word-break: keep-all;
            height: 100%;
            width: 100%;
            background: white;
            font-size: 14px;
            min-height: 480px;
            position: relative;
        }

        .content {
            width: 100%;
            height: 100%;
        }

        .logo {
            text-align: center;
        }

        .intercepted {
            margin-top: 1.5rem;
            margin-bottom: 1.5rem;
            font-size: 20px;
            line-height: 1.6;
            color: black;
        }

        .intercepted-tips {
            margin: 8px 0;
            font-size: 14px;
            color: rgba(0, 0, 0, 0.7);
        }

        .intercepted-item {
            margin: 8px 0;
            color: rgba(0, 0, 0, 0.3);
        }
    </style>
</head>

<body>
    <div class="container">
        <table class="content">
            <tr>
                <td>
                    <div class="logo">
                        <img style="width: 150px;" src="" />
                    </div>
                    <div class="intercepted">
                        当前请求存在风险,已被拦截
                    </div>

                    <div class="intercepted-item" id="UUID"></div>
                    <div class="intercepted-item">
                        <span>拦截时间</span>: <span id="nowTime"></span>
                    </div>
                </td>
            </tr>
        </table>
    </div>
</body>
<script>
    // 显示当前时间
    function timestring() {
      var d = new Date();
      function p(d) {
        return d < 10 ? "0" + d : d;
      }
      return (
        d.getFullYear() +
        "-" +
        p(d.getMonth() + 1) +
        "-" +
        p(d.getDate()) +
        " " +
        p(d.getHours()) +
        ":" +
        p(d.getMinutes())
      );
    }
    document.getElementById("nowTime").innerText = timestring();
  </script>

  <script>
    // 这段代码是从源文件上直接抄下来的，原封不动的复制下来的
    window.onload = function () {
      try {
        var inserts =
          document.getElementsByTagName("html")[0].nextSibling;
        var insertsData = inserts && (inserts.data || "");
        var incertDataList = insertsData.split(" ");
        var getVal = function (key) {
          return incertDataList[incertDataList.indexOf(key + ":") + 1];
        };
        var request_uuid = getVal("request_uuid");

        // var anymore = getVal('anymore') // 新增参数示例
      } catch (e) {
        console.log(e);
      }
      if (request_uuid) {
        document.getElementById("UUID").innerText = "请求ID: " + request_uuid;
      }
    };
  </script>
</html>]=]

function _M.block(page_conf)
  local code = page_conf['code']
  local html = page_conf['html']
  local request_uuid = ngx.ctx.request_uuid
  ngx.header.request_uuid = request_uuid
  ngx.header.content_type = "text/html;charset=utf-8"
  local output_buffer = {}
  if code and html then
    table.insert(output_buffer, html)
  else
    code = default_block_code
    table.insert(output_buffer, default_block_html)
  end
  table.insert(output_buffer, " <!-- request_uuid: ")
  table.insert(output_buffer, request_uuid)
  table.insert(output_buffer, " -->")
  ngx.status = tonumber(code)
  ngx.say(table.concat(output_buffer))
  return ngx.exit(tonumber(code))
end

function _M.allow()
  local host = ngx.var.host
  local req_host = ngx.ctx.req_host
  local scheme = ngx.var.scheme
  if req_host and scheme == "http" and req_host['advanced_conf'] == "true" and req_host['https'] == "true" and req_host['force_https'] == "true"  then
    local force_https = {}
    force_https[1] = 'https://'
    force_https[2] = host
    force_https[3] = ngx.var.request_uri
    return ngx.redirect(table_concat(force_https), 301)
  end
  return ngx.exit(0)
end

function _M.page_tamper_proof(cache_content_type,cache_page_content)
  local request_uuid = ngx.ctx.request_uuid
  ngx.header.request_uuid = request_uuid
  ngx.header.content_type = cache_content_type
  ngx.status = 200
  ngx.say(cache_page_content)
  return ngx.exit(200)
end

function _M.reject_response()
  return ngx.exit(444)
end







return _M
